CVE-2025-0498
Published: 30 January 2025
Summary
CVE-2025-0498 is a critical-severity Insufficiently Protected Credentials (CWE-522) vulnerability in Rockwell Automation FactoryTalk AssetCentre. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Steal Application Access Token (T1528). The CVE ranks at the 34.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-5 (Authenticator Management).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly requires protecting user token authenticator content from unauthorized disclosure and modification, addressing the core insecure storage issue in FactoryTalk AssetCentre.
Mandates confidentiality protections such as encryption for information at rest, preventing theft of insecurely stored FactoryTalk Security user tokens.
Enforces approved authorizations for access to system resources including token storage locations, blocking unauthorized network-accessible reads that enable token theft and user impersonation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Insecure token storage (CWE-522) directly enables credential theft (T1552/T1528) and impersonation with valid accounts (T1078).
NVD Description
A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to insecure storage of FactoryTalk® Security user tokens, which could allow a threat actor to steal a token and impersonate another user.
Deeper analysis
CVE-2025-0498 is a data exposure vulnerability affecting all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The issue arises from insecure storage of FactoryTalk® Security user tokens (CWE-522), which could allow a threat actor to steal a token and impersonate another user. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-01-30.
The vulnerability can be exploited by any unauthenticated attacker with network access to the affected system, requiring low complexity and no user interaction. Successful exploitation enables token theft, allowing the attacker to impersonate legitimate users and achieve high impacts on confidentiality, integrity, and availability.
Mitigation details are provided in the Rockwell Automation security advisory at https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1721.html.
Details
- CWE(s)